There are two conventional technologies, that is, a first conventional technology, and a second conventional technology, as described below.
First, the first conventional technology is described below. If data is to be provided only for a specific user, means, etc., then a method for preventing other users or means than the specific user or means from accessing the data is used by the transmission side encrypting and transmitting the data, and the reception side decrypting and uses the encrypted data.
The above described method is described below by referring to an example in which data is transmitted and received from an STB (Set Top Box, that is, a satellite broadcast receiver) for satellite broadcast to a VTR device for recording satellite broadcast data. In this method, data is encrypted to record correct satellite broadcast data only in the VTR device registered as a subscriber for recording satellite broadcast.
FIG. 14 shows a configuration of a conventional data transmission and reception system in which an STB for satellite broadcast functions as a data transmission device, and a VTR device functions as a data reception device. The configuration shows only the components relating to the transmission and reception of data between the STB and the VTR device, and reception means, etc. for receiving data from a satellite to the STB, and recording means, etc. for recording data to a recording medium in the VTR device are not shown here. The present system includes: an STB 101 for converting an electric wave received from a satellite into AV data and transmitting the data to a VTR device 102; and the VTR device 102 for recording the AV data transmitted from the STB 101 in the recording medium.
The STB 101 includes: encryption means 111 for periodically or non-periodically updating a work key Kw, performing a first encryption process using the work key Kw on digital data D obtained by converting an electric wave received from a satellite into AV data so that the digital data D can be converted into encrypted digital data Kw (D), and transmitting the result to the VTR device 102; a key encryption means 112 for generating a control key Kc, performing a second encryption process using the control key Kc on the work key Kw so that the work key Kw can be converted into an encrypted work key Kc (Kw), and transmitting the result to the VTR device 102; a transmission side authentication and key exchange means 113 for performing an authentication and key exchange process with the VTR device 102; and a D-I/F (digital interface) 114 for directly transmitting and receiving data to and from a D-I/F 124 of the VTR device 102.
The VTR device 102 includes: the D-I/F 124 for directly transmitting and receiving data to and from the D-I/F 114 of the STB 101; a reception side authentication and key exchange means 123 for performing an authentication and key exchange process with the transmission side authentication and key exchange means 113 of the STB 101; key restoration means 122 for decrypting the encrypted work key Kc (Kw) using the control key Kc obtained through the reception side authentication and key exchange means 123, and restoring the work key Kw; and decryption means 121 for decrypting the encrypted digital data Kw (D) using the work key Kw restored by the key restoration means 122, and restoring the digital data D.
The data transmitted from the STB 101 to the VTR device 102 is the encrypted digital data Kw (D), the encrypted work key Kc (Kw), and the control key Kc. However, since the encrypted digital data Kw (D) and the encrypted work key Kc (Kw) are encrypted data, and the control key Kc is transmitted after the transmission side authentication and key exchange means 113 and the reception side authentication and key exchange means 123 perform an authentication process, the system has high security against the third party who is illegally using data.
Described below is the second conventional technology. As described above, in recent years there has been developed a technology for transmitting AV contents (AV data) such as movies, etc. using a digital signal, and receiving the AV contents.
A transmission device for transmitting such AV contents encrypts AV contents before transmission to protect the AV contents. A reception device receives and decrypts the encrypted AV contents, and displays the AV contents on the monitor.
As described above, the transmission device encrypts the AV contents. However, there are plural types of encrypting methods for encrypting the AV contents. For example, if the reception device is a normal domestic electric appliance such as a television, etc., then a “basic encrypting method” referred to as a baseline cipher such as M6, Blowfish, etc. is used corresponding to the domestic electric appliance. On the other hand, if, for example, the reception device is an appliance having a high-level arithmetic operations capability such as a personal computer, etc., then an “extended encrypting method” such as DES or the like which is more complicated and has a higher encryption level is used.
As in the conventional technology, the objects of the present invention exist corresponding to each of the first and second conventional technologies. Therefore, the objects are sequentially described below.
First, the object corresponding to the first conventional technology is described below. As described above, the control key Kc is transmitted after being authenticated. However, if the same control key Kc is continuously used, it may probably be decrypted by the third party. Therefore, the system can have higher security by periodically or non-periodically updating the control key Kc. However, since it is necessary to perform the authentication and key exchange process each time the control key Kc is updated, it is strongly demanded to minimize the frequency of the authentication and key exchange process for the purpose of reducing the load onto the system and improving the transmission and reception efficiency.
FIG. 15 shows a relationship between the execution of the control key update process and the authentication and that of key exchange process when the control key is updated by the conventional data transmission and reception system. The horizontal axis indicates the passage of time. The bar in the first row indicates that the STB is transmitting a data signal. The arrow in the second row indicates the range in which the same control key Kc is used. FIG. 15 shows that control key Kc [1] is updated into control key Kc [2]. The bars in the third through fifth rows indicate that the VTR device is in a reception state. The ranges in which the bars are broken indicate that the reception is suspended. The two vertical arrows in the third through fifth rows indicate that the authentication and key exchange process has been performed.
Since the VTR device in case 1 is not suspended after starting the reception, it performs the authentication and key exchange process after starting the reception, and afterwards performs the authentication and key exchange process only when the control key Kc is updated. Since the VTR device in cases 2 and 3 is suspended after starting the reception, it is required to perform the authentication and key exchange process when resuming the reception. Especially, although the VTR device in case 3 is suspended only for a short time without update of the control key Kc when the reception is resumed, the authentication and key exchange process is to be performed again, thereby increasing the total frequency of the authentication and key exchange process to be performed as compared with the other cases.
The present invention has been developed to solve the above described problems of the conventional data transmitting and receiving method, and the conventional data transmission and reception system, and aims at providing a data transmitting and receiving method, a data transmission apparatus, a data reception apparatus, a data transmission and reception system for improving the transmission and reception efficiency by improving the security by updating a control key, and reducing the frequency of the authentication and key exchange process, and a program recording medium storing a program executed to direct a computer to perform all or a part of the function of means provided in each of the above described apparatuses.
The second conventional technology has the following problems. If the transmission device used when the second conventional technology is described is an appliance having a high-level arithmetic operations capability, such as a personal computer or the like, transmitting the AV contents through an IEEE 1394 bus, and the reception device receives the AV contents through the IEEE 1394 bus, and if, as described above, the reception device has a high-level arithmetic operations capability, such as a personal computer or the like, then the reception device can decrypt the AV contents although the transmission device uses the “extended encrypting method” by encrypting and transmitting the AV contents, thereby no problems arise.
However, for example, a normal domestic electric appliance such as a set top box (satellite broadcast receiver) 59 as well as a personal computer 58, that is, a reception device can also be connected to a transmission device 57 through the IEEE 1394 bus as shown in FIG. 16. In this case, assume that the transmission device 57 encrypts and transmits the AV contents in the “extended encrypting method,” the personal computer 58 receives and decrypts the AV contents, and the set top box 59 tries to receive and decrypts the AV contents during the transmission. However, since the set top box 59 cannot use the “extended encrypting method,” it cannot decrypt the AV contents.